Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mozilla 跨站脚本攻击漏洞
Vulnerability Description
Mozilla Firefox 3.0.13及之前版本,3.5,3.6 a1 pre和3.7 a1 pre;SeaMonkey 1.1.17和Mozilla 1.7.x及之前版本没有在WEB服务器发送的302错误文档范围内正确的处理HTML链接中的javascript,这使得用户协助式远程攻击者可以借助一些向量,执行跨站脚本攻击。这些向量涉及(1)注入一个Location HTTP响应头或(2)详细说明一个Location HTTP响应头的内容。
CVSS Information
N/A
Vulnerability Type
N/A